Security check

Open ports: everything reachable is attack surface

Databases, admin panels and old services that happen to be internet-exposed are one of the most common ways in. We map your open ports and flag what shouldn't be there.

Run a free domain scan All checks β†’
Relates to: NIS2 Β· art. 21 β€” operational security ISO 27001 Β· A.8.20 network security CIS Β· Controls v8

What we check

With our internal agent, which you run in your network, we map open ports and identify the services behind them: exposed databases, admin interfaces, remote access (RDP/SSH), old or unexpected services. (Scanning your public IP surface from the outside is on our roadmap; today the mapping runs from the agent in your network.)

Why it matters

An internet-exposed database or admin panel with no reason is an open target. Most companies don't know exactly what they expose because it changes with every deploy and cloud change. Mapping it is the first step to closing it.

How Security Guru tests it

Common mistakes

  • Database (Postgres/Redis/Mongo) exposed to 0.0.0.0
  • Admin panel or dashboard reachable without VPN
  • Old service left behind after a migration
  • RDP/SSH open to the entire internet

What you get in the report

  • All open ports and services on your surface
  • What shouldn't be exposed, prioritised
  • Known CVEs on exposed versions
  • Mapping to ISO A.8.20 / CIS Controls

FAQ

Is port scanning intrusive?

Our mapping is lightweight and non-destructive β€” it identifies what's open, it doesn't attack the services.

How do you find all our IP surface?

We derive it from your domains, subdomains and known ranges. In continuous monitoring, newly added exposure is discovered automatically.

How often should I run it?

Continuously β€” exposure appears with every deploy and cloud change.

Want to know your status?

Run a free scan or order a full Security Assessment β€” prioritised, not noise.

Run a free domain scan